rpm package

suse/xen&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1

pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1

Vulnerabilities (234)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-19665		—	< 4.5.5_28-22.58.1	4.5.5_28-22.58.1	Dec 6, 2018	The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
CVE-2018-18438		—	< 4.5.5_28-22.58.1	4.5.5_28-22.58.1	Oct 19, 2018	Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2018-10839		—	< 4.5.5_28-22.58.1	4.5.5_28-22.58.1	Oct 16, 2018	Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting
CVE-2018-17958	Hig	7.5	< 4.5.5_28-22.58.1	4.5.5_28-22.58.1	Oct 9, 2018	Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2018-17963		—	< 4.5.5_28-22.58.1	4.5.5_28-22.58.1	Oct 9, 2018	qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-17962		—	< 4.5.5_28-22.58.1	4.5.5_28-22.58.1	Oct 9, 2018	Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
CVE-2018-3646		—	< 4.5.5_26-22.55.2	4.5.5_26-22.55.2	Aug 14, 2018	Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis
CVE-2016-9603		—	< 4.5.5_10-22.14.1	4.5.5_10-22.14.1	Jul 27, 2018	A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest c
CVE-2017-2633		—	< 4.5.5_10-22.14.1	4.5.5_10-22.14.1	Jul 27, 2018	An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU pro
CVE-2017-2620		—	< 4.5.5_06-22.11.2	4.5.5_06-22.11.2	Jul 27, 2018	Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU pro
CVE-2017-2615		—	< 4.5.5_06-22.11.2	4.5.5_06-22.11.2	Jul 2, 2018	Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process result
CVE-2018-12893		—	< 4.5.5_24-22.52.3	4.5.5_24-22.52.3	Jul 2, 2018	An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can
CVE-2018-12891		—	< 4.5.5_24-22.52.3	4.5.5_24-22.52.3	Jul 2, 2018	An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing
CVE-2018-3665		—	< 4.5.5_24-22.52.3	4.5.5_24-22.52.3	Jun 21, 2018	System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVE-2018-12617		—	< 4.5.5_24-22.52.3	4.5.5_24-22.52.3	Jun 21, 2018	qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploit
CVE-2018-11806		—	< 4.5.5_24-22.52.3	4.5.5_24-22.52.3	Jun 13, 2018	m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2018-3639		—	< 4.5.5_24-22.49.1	4.5.5_24-22.49.1	May 22, 2018	Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka
CVE-2018-8897		—	< 4.5.5_24-22.46.1	4.5.5_24-22.46.1	May 8, 2018	A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP
CVE-2018-10472		—	< 4.5.5_24-22.46.1	4.5.5_24-22.46.1	Apr 27, 2018	An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
CVE-2018-10471		—	< 4.5.5_24-22.46.1	4.5.5_24-22.46.1	Apr 27, 2018	An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.

CVE-2018-19665Dec 6, 2018
affected < 4.5.5_28-22.58.1fixed 4.5.5_28-22.58.1
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
CVE-2018-18438Oct 19, 2018
affected < 4.5.5_28-22.58.1fixed 4.5.5_28-22.58.1
Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value.
CVE-2018-10839Oct 16, 2018
affected < 4.5.5_28-22.58.1fixed 4.5.5_28-22.58.1
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting
CVE-2018-17958HigOct 9, 2018
affected < 4.5.5_28-22.58.1fixed 4.5.5_28-22.58.1
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
CVE-2018-17963Oct 9, 2018
affected < 4.5.5_28-22.58.1fixed 4.5.5_28-22.58.1
qemu_deliver_packet_iov in net/net.c in Qemu accepts packet sizes greater than INT_MAX, which allows attackers to cause a denial of service or possibly have unspecified other impact.
CVE-2018-17962Oct 9, 2018
affected < 4.5.5_28-22.58.1fixed 4.5.5_28-22.58.1
Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data type is used.
CVE-2018-3646Aug 14, 2018
affected < 4.5.5_26-22.55.2fixed 4.5.5_26-22.55.2
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis
CVE-2016-9603Jul 27, 2018
affected < 4.5.5_10-22.14.1fixed 4.5.5_10-22.14.1
A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest c
CVE-2017-2633Jul 27, 2018
affected < 4.5.5_10-22.14.1fixed 4.5.5_10-22.14.1
An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU pro
CVE-2017-2620Jul 27, 2018
affected < 4.5.5_06-22.11.2fixed 4.5.5_06-22.11.2
Quick emulator (QEMU) before 2.8 built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to an out-of-bounds access issue. The issue could occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user inside guest could use this flaw to crash the QEMU pro
CVE-2017-2615Jul 2, 2018
affected < 4.5.5_06-22.11.2fixed 4.5.5_06-22.11.2
Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is vulnerable to an out-of-bounds access issue. It could occur while copying VGA data via bitblt copy in backward mode. A privileged user inside a guest could use this flaw to crash the QEMU process result
CVE-2018-12893Jul 2, 2018
affected < 4.5.5_24-22.52.3fixed 4.5.5_24-22.52.3
An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least one of these safety checks can be triggered by a guest. A malicious PV guest can
CVE-2018-12891Jul 2, 2018
affected < 4.5.5_24-22.52.3fixed 4.5.5_24-22.52.3
An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain points. A few rarely taken code paths did bypass such checks. By suitably enforcing
CVE-2018-3665Jun 21, 2018
affected < 4.5.5_24-22.52.3fixed 4.5.5_24-22.52.3
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
CVE-2018-12617Jun 21, 2018
affected < 4.5.5_24-22.52.3fixed 4.5.5_24-22.52.3
qmp_guest_file_read in qga/commands-posix.c and qga/commands-win32.c in qemu-ga (aka QEMU Guest Agent) in QEMU 2.12.50 has an integer overflow causing a g_malloc0() call to trigger a segmentation fault when trying to allocate a large memory chunk. The vulnerability can be exploit
CVE-2018-11806Jun 13, 2018
affected < 4.5.5_24-22.52.3fixed 4.5.5_24-22.52.3
m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams.
CVE-2018-3639May 22, 2018
affected < 4.5.5_24-22.49.1fixed 4.5.5_24-22.49.1
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka
CVE-2018-8897May 8, 2018
affected < 4.5.5_24-22.46.1fixed 4.5.5_24-22.46.1
A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP
CVE-2018-10472Apr 27, 2018
affected < 4.5.5_24-22.46.1fixed 4.5.5_24-22.46.1
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot.
CVE-2018-10471Apr 27, 2018
affected < 4.5.5_24-22.46.1fixed 4.5.5_24-22.46.1
An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754.

Page 3 of 12